Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46365", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-12-02T08:52:04.022Z", "datePublished": "2023-05-01T14:53:50.130Z", "dateUpdated": "2024-10-15T16:43:14.987Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache StreamPark (incubating)", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.0.0", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><div><div>Apache StreamPark 1.0.0 <span style=\"background-color: rgb(255, 255, 255);\">before</span> 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, <span style=\"background-color: rgb(255, 255, 255);\">Users of the affected </span><span style=\"background-color: rgb(255, 255, 255);\">versions should upgrade to Apache StreamPark 2.0.0 or later.</span></div></div></span></span><br>"}], "value": "Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer\u00a0as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account,\u00a0Users of the affected\u00a0versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-01T14:53:50.130Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache StreamPark (incubating): Logic error causing any account reset", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:31:46.200Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h"}]}, {"affected": [{"vendor": "apache", "product": "streampark", "cpes": ["cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.0", "status": "affected", "lessThan": "2.0.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T16:42:14.773900Z", "id": "CVE-2022-46365", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T16:43:14.987Z"}}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat